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REMARKS 

Claims 10, 1 1, 14-16 and 33-52 are pending in the application. 
I. ISSUES RELATED TO CITED REFERENCES 
A. 35 U.S.C, 102(b) - MONTAGUE 

Claims 10, 1 1, 33-41 and 45-48 are rejected under 35 U.S.C. 102(b) as allegedly 
anticipated by Montague et al, U.S. Patent No. 5,761, 669 (hereafter ''Montague''). The 
rejection is respectfiiUy traversed. 

Independent Claim 33 

Independent method claim 33 recites: 

identifying first sub-entries in a first access control list, wherein the first access control 
list comprises first entries, and wherein the first sub-entries identified fi-om the 
first access control list comprise (i) disjoint entries of the first entries or (ii) 
overlapping sections identified fi^om the first entries or (iii) non-overlapping 
sections identified fi-om the first entries; and 
programmatically determining whether the first access control list is fimctionally 

equivalent to a second access control list by determining whether each of the first 
sub-entries in the first access control list is equivalent to or contained by one or 
more entries of the second access control list, 
(emphasis added). Claim 33 provides a method of comparing access control lists (ACLs), even 
if any of the access control lists contain highly redundant entries or overlapping sections of 
entries. According to claim 33, first sub-entries are identified fi-om a first ACL that comprises 
first entries. The identified first sub-entries comprise 1) disjoint entries of the first entries, 2) 
overlapping sections identified fi-om the first entries, or 3) non-overlapping sections identified 
from the first entries. Once the first sub-entries are identified from the first ACL, determining 
whether the first ACL is functionally equivalent to a second ACL can be done using the first 
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sub-entries just identifled. Specifically, it is determined whether each of the first sub-entries is 
equivalent to or contained by one or more entries of the second ACL. 

Thus, under this approach, even if the first entries of the ACL are highly redundant or 
overlap, in determining the functional equivalency of the two ACLs it is not necessary to 
perform comparison operations using the highly redundant or overlapping first entries directly. 
Instead, according to claim 33, determining the fimctional equivalency of the two ACLs is 
reduced to determining whether each of the first sub-entries identified firom the first ACL is 
equivalent to or contained by one or more entries of the second ACL. One resuU is that 
determining whether two ACLs are fimctionally equivalent is far faster. 

Such a method is neither disclosed nor suggested by Montague, Instead, Montague 
describes processing a generic access control request firom a trustee to alter access permissions 
on an entity, translating the generic access control request received into a local operating system 
specific format, and changing an existing ACL for the entity (Abstract; FIGs 9 & 10) based on 
the received access control request. 

As described in col. 14 line 60 - col. 15 line 27 of Montague, a trustee provides account 
ID, access permissions, and an entity (to which the permissions are applied) in an access control 
request (254 of FIG. 1 1) to a server that hosts an existing ACL (ACCESS CONTROL LIST 
PRIOR TO REQUEST of FIG. 1 1). The existing ACL sought to be changed by the access 
control request may include one or more existing access control entries (ACEs) for the entity 
(258 of FIG. 1 1). After being translated into a local operating specific format, the access control 
request received is merged with the existing ACL into a new ACL (Montague col. 15 lines 28- 
52; ACCESS CONTROL LIST AFTER MERGING REQUEST of FIG. 1 1). Specifically, in the 
merging step, existing ACEs (258 of FIG. 11) are identified for the entity in the existing ACL; 
and actions (enumerated in FIG. 15) are taken to add new ACEs, or remove/change the existing 
ACEs to produce the new ACL. These actions taken may be based on relationships between the 
existing ACEs and the access control request, as will be discussed infra. 
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As described in col. 16 line 18 - col. 17 line 25 (cited by the Examiner in October 31, 
2006 Final Office Action) of Montague, an ACE for the entity (such as a container) may contain 
an inheritance attribute that defines a scope of permissions in the same ACE. Similarly, the 
access control request received may also carry an inheritance attribute that defines a scope of 
permissions in the request. As between these two scopes, various types of (containment) 
relationships may exist, as shown in FIG. 12 of Montague, 

Depending on the (containment type) relationship (FIG. 12) between the existing scope 
of permissions as expressed by inheritance attributes of an existing ACE for the entity and the 
scope of permissions carried by the inheritance attribute in the access control request, a different 
action shown in FIG. 13 or FIG. 15 may be taken. Specifically, FIG. 13 is used if permissions of 
the existing ACE are of the same type as those of the access control request; or FIG. 15 is used if 
permissions of the existing ACE are of the opposite type to those of the access control request. 

No Step of Identifying Sub-entnes in Montague 

As this discussion shows, Montague is quite different from that claimed in amended 
claim 33. Montague, for example, fails to describe identifying sub-entries from an ACL, as 
recited in claim 33. At best, Montague only describes identifying ACEs, or inheritance attributes 
thereof, in an existing ACL. That is not the same as what is claimed by claim 33. 
No Step of Determining Equivalencv Between ACLs in Montague 
Claim 33 recites a first ACL and a second ACL. Montague describes only one ACL — an 
existing ACL prior to the access control request, and the same ACL after merging the access 
control request. Further, Montague has no description of determining functional equivalency 
between two ACLs, as claimed. Montague has no need for such a determining step in the first 
place; the "before" ACL and "after" ACL of Montague by definition are not fimctionally 
equivalent. 

No Affirmative Step of Determining Equivalencv Using Sub-entries in Montague 
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In claim 33, determining functional equivalency of two ACLs comprises detemiining 
whether each of the sub-entries identified from one of the two ACLs is contained by or 
equivalent to one or more entries in the other of the two ACLs. Since Montague only describes 
identifying entries or their inheritance attributes in an existing ACL, but completely fails to 
describe identifying anything resembling the sub-entries recited in claim 33, Montague cannot 
possibly disclose determining functional equivalency of the two ACLs by using sub-entries. 

The Examiner's Analogy Is Incorrect 

Page 4 of the Office Action cites a passage of Montague (col. 16 line 18 to col. 17 line 
25) as allegedly describing claim 33, without correlating any entity described in the cited passage 
to any feature of claim 33. As best understood by Applicants, the Office Action analogizes the 
relationships depicted in FIG. 12 of Montague to various types of the sub-entries featured in 
claim 33. This analogy is incorrect. The depicted relationships in Montague are quite different 
from the types of the sub-entries featured in claim 33. In Montague, each relationship is between 
an existing entry in the existing ACL and the access control request previously discussed. 

In contrast, a sub-entry as featured in claim 33 may, for example, be a disjoint entry of 
first entries or a non-overlapping section of first entries in a first ACL. Such a sub-entry is a first 
entry or a section of a first entry that does not overlap with other first entries that are in the first 
ACLfi-om which the sub-entry is identified, while the disjoint entry 270 depicted in FIG. 12 of 
Montague is an existing ACE whose scope of permissions happens to be non-overlapping with 
that of an access control request that is not in the existing ACL fi^om which the existing ACE is 
identified. 

Similarly, a sub-entry as featured in claim 33 may, for example, be an overlapping 
section of first entries in the first ACL. Such a sub-entry is a section identified from the first 
entries that overiaps with another first entry or other first entries that are in the first ACLfi-om 
which the sub-entry is identified, while an overlapping area in the overlapping relationships 272 
through 278 depicted in FIG. 12 of Montague is an area of an existing ACE whose scope of 
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permissions overlaps with that of an access control request that is not in the existing ACL from 
which the existing ACE is identified. 

Thus, even assuming existing ACEs of an existing ACL m Montague could be made 
analogous to the first entries of the first ACL featured in claim 33, the analogy of the Office 
Action is incorrect, since the relationships disclosed in Montague are relationships between an 
existing ACE in an ACL and an entity (i.e., an access control request) outside the ACL, not like 
relationships between some entries in an ACL and some other entries in the same ACL as 
featured in claim 33. At best, the passage cited by the Examiner and FIG. 12, both of Montague, 
only describes that an existing ACE in an existing ACL may be disjoint or overlapping with 
respect to an access control request that is outside the existing ACL. That is not the same as the 
subj ect matter of claim 33. 

Montague addresses a very different problem than Applicants' disclosure. Montague is 
concemed with handling a generic access control request fi-om a trustee and modifying an ACL 
into an updated ACL that reflects requested access permission changes, hi sharp contrast, claim 
33 addresses how to compare two ACLs to determine whether they are functionally equivalent, 
yet avoiding directly using possibly redundant, overlapping entries of one of the two ACLs. 
Since Montague addresses a very different problem, it provides a very different solution. For at 
least the reasons given above, claim 33 is allowable ow^r Montague. 

Claims 37 and 45 

Claims 37 and 45 are apparatus format claims that are similar in scope and include all 
features of method claim 33. Claims 37 and 45 are patentable over Montague for at least the 
same reasons as those given above in connection with claim 33. 

Claims 10, 11, 34-41 and 46-48 

Claims 10, 1 1, 34-41 and 46-48 depend from, and hence, incorporate all of the features of 
claim 33, 37 or 45 that are discussed above. These claims also recite fiulher features that 
independently render them patentable over Montague. However, because Montague lacks the 
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features discussed above for claims 33, 37, or 45, claims 10, 1 1, 34-41 and 46-48 necessarily are 
patentable over Montague for at least the reasons given above in connection with claim 33, 37 or 
45. 

B. 35 U.S.C. 103(a) - MONTAGUE and BRA WN 

Claims 14, 42 and 50 are rejected under 35 U.S.C. 103(a) as allegedly unpatentable over 
Montague as applied to claims 33, 37 and 45 and further in view of Brawn et al., U.S. Patent No. 
7,020,718 B2 (hereafter ''Brawn''). The rejection is respectfully traversed. 

Claims 14, 42 and 50 depend from, and hence, incorporate all of the features of claim 33, 
37 or 45. Claims 14, 42 and 50 also recite further features that independently render them 
patentable over Montague, Brawn fails to disclose any of the features of claim 33, 37 or 45 
previously discussed and therefore Brown does not cure the deficiencies of Montague that are 
described above, and any combination of Brown and Montague necessarily cannot provide the 
complete subject matter of claims 14, 42, and 50. Claims 14, 42, and 50 are patentable over 
Montague and Brawn for at least the reasons given above in connection with claim 33, 37 or 45. 

C. 35 U.S.C. 103i2i)' MONTAGUE and MATE 

Claims 15, 43 and 51 are rejected under 35 U.S.C. 103(a) as allegedly unpatentable over 
Montague as apphed to claims 33, 37 and 45, and further in view of Mate et al, U.S. Patent No. 
7,028,098 B2 (hereafter "Mate"). The rejection is respectfully traversed. 

Claims 15, 43 and 51 depend from and incorporate all of the features of claim 33, 37 or 
45. Claims 15, 43, and 51 also recite further features that render them patentable over Montague. 
Mate fails to disclose any of the features of claim 33, 37 or 45 previously discussed, and 
therefore Mate does not cure the deficiencies of Montague that are described above, and any 
combination of Mate and Montague necessarily cannot provide the complete subject matter of 
claims 1 5, 43, and 5 1 . Claims 1 5, 43, and 5 1 are patentable over Montague and Mate for at least 
the reasons given above in connection with claim 33, 37 or 45. 

C. 35 U.S.C. 103(a) - MONTAGUE and BANGINWAR 
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Claims 16, 44 and 52 are rejected vmder 35 U.S.C. 103(a) as allegedly unpatentable over 
Montague as applied to claims 33, 37 and 45, and further in view of Banginwar, U.S. Patent No. 
6,61 1,863 Bl (hereafter "Banginwar"). The rejection is respectfully traversed. 

Claims 16, 44 and 52 depend from, and hence, incorporate all of the features of claim 33, 
37 or 45. Claims 16, 44, and 52 also recite further features that render them patentable over 
Montague. Banginwar fails to disclose any of the features of claim 33, 37 or 45 previously 
discussed and therefore Banginwar does not cure the deficiencies of Montague that are described 
above, and any combination of Banginwar and Montague necessarily cannot provide the 
complete subject matter of claims 16, 44, and 52. Claims 16, 44, and 52 are patentable over 
Montague and Banginwar for at least the reasons given above in connection with claim 33, 37 or 
45. 

II. CONCLUSIONS 

For the reasons set forth above, it is respectfully submitted that all of the pending claims 
are now in condition for allowance. Therefore, the issuance of a formal Notice of Allowance is 
believed next in order, and that action is most earnestly solicited. 

If any applicable fee is missing or insufficient, throughout the pendency of this 
application, the Commissioner is hereby authorized to charge any apphcable fees and to credit 
any overpayments to our Deposit Accoimt No. 50-1302. 



Respectfully submitted, 

HICKMAN PALERMO TRUONG & BECKER LLP 



Dated: December 29, 2006 
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